From patchwork Tue Nov 5 18:41:20 2019
X-Patchwork-Submitter: "Ananyev, Konstantin"
X-Patchwork-Id: 62491
X-Patchwork-Delegate: gakhil@marvell.com
From: Konstantin Ananyev
To: dev@dpdk.org, techboard@dpdk.org
Cc: roy.fan.zhang@intel.com, declan.doherty@intel.com, akhil.goyal@nxp.com, Konstantin Ananyev
Date: Tue, 5 Nov 2019 18:41:20 +0000
Message-Id: <20191105184122.15172-3-konstantin.ananyev@intel.com>
In-Reply-To: <20191105184122.15172-1-konstantin.ananyev@intel.com>
References: <20191105184122.15172-1-konstantin.ananyev@intel.com>
Subject: [dpdk-dev] [RFC 2/4] security: introduce cpu-crypto API

This patch extends rte_security API with CPU-CRYPTO mode.
Crypto PMD that wants to support that functionality would need to:
1. claim RTE_CRYPTODEV_FF_SECURITY capability supported.
2. at device .probe() allocate and initialize security context
   (dev->security_ctx).
3. implement at least the following functions inside rte_security_ops:
   .session_create, .session_get_size, .session_destroy,
   .process_cpu_crypto_sym
For data-path processing consumer of that API would have to maintain:
struct rte_security_ctx *ctx,
struct rte_security_session *sess

Signed-off-by: Konstantin Ananyev

--- lib/librte_security/rte_security.c | 11 +++++++++++ lib/librte_security/rte_security.h | 22 ++++++++++++++++++++++ lib/librte_security/rte_security_driver.h | 20 ++++++++++++++++++++ 3 files changed, 53 insertions(+) diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c index bc81ce15d..243f59105 100644 --- a/lib/librte_security/rte_security.c +++ b/lib/librte_security/rte_security.c 
@@ -141,3 +141,14 @@ rte_security_capability_get(struct rte_security_ctx *instance, return NULL; } + +__rte_experimental +int +rte_security__cpu_crypto_sym_process(struct rte_security_ctx *instance, + struct rte_security_session *sess, struct rte_crypto_sym_vec *vec, + int32_t status[], uint32_t num) +{ + RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->process_cpu_crypto_sym, + -ENOENT); + return instance->ops->process_cpu_crypto_sym(sess, vec, status, num); +} diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h index fed67ab39..0dc8fec09 100644 --- a/lib/librte_security/rte_security.h +++ b/lib/librte_security/rte_security.h @@ -669,6 +669,28 @@ const struct rte_security_capability * rte_security_capability_get(struct rte_security_ctx *instance, struct rte_security_capability_idx *idx); + /** + * Perform actual crypto processing (encrypt/digest or auth/decrypt) + * on user provided data. + * + * @param instance security instance. + * @param sess Security session structure + * @param vec Array of vectors for input data + * @param status Array of status values (one per vec) + * (RTE_CRYPTO_OP_STATUS_* values) + * @param num Number of elems in vec and status arrays. + * + * @return + * - Returns negative errno value on error, or non-negative number + * of successfully processed input vectors. + * +*/ +__rte_experimental +int +rte_security__cpu_crypto_sym_process(struct rte_security_ctx *instance, + struct rte_security_session *sess, struct rte_crypto_sym_vec *vec, + int32_t status[], uint32_t num); + #ifdef __cplusplus } #endif diff --git a/lib/librte_security/rte_security_driver.h b/lib/librte_security/rte_security_driver.h index 1b561f852..b348c5817 100644 --- a/lib/librte_security/rte_security_driver.h +++ b/lib/librte_security/rte_security_driver.h 
@@ -132,6 +132,25 @@ typedef int (*security_get_userdata_t)(void *device, typedef const struct rte_security_capability *(*security_capabilities_get_t)( void *device); +/** + * Perform actual crypto processing (encrypt/digest or auth/decrypt) + * on user provided data. + * + * @param sess Security session structure + * @param vec Array of vectors for input data + * @param status Array of status values (one per vec) + * (RTE_CRYPTO_OP_STATUS_* values) + * @param num Number of elems in vec and status arrays. + * + * @return + * - Returns negative errno value on error, or non-negative number + * of successfully processed input vectors. + * +*/ +typedef int (*security_process_cpu_crypto_sym_t)( + struct rte_security_session *sess, struct rte_crypto_sym_vec *vec, + int32_t status[], uint32_t num); + /** Security operations function pointer table */ struct rte_security_ops { security_session_create_t session_create; @@ -150,6 +169,7 @@ struct rte_security_ops { /**< Get userdata associated with session which processed the packet. */ security_capabilities_get_t capabilities_get; /**< Get security capabilities. */ + security_process_cpu_crypto_sym_t process_cpu_crypto_sym; }; #ifdef __cplusplus
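Review bot: in the rte_security.c hunk, rte_security__cpu_crypto_sym_process() dereferences instance->ops without checking instance, instance->ops or sess; RTE_FUNC_PTR_OR_ERR_RET only tests the process_cpu_crypto_sym pointer itself. If the checks are omitted on purpose for the data path, state that as a caller precondition in the function's documentation; otherwise return -EINVAL for NULL arguments before the ops lookup. The diffstat also lists only three files, so the new __rte_experimental symbol has no entry in the library's version map, which it needs to be exported from a shared build.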
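Review bot: in the rte_security.h hunk, the public name rte_security__cpu_crypto_sym_process has a double underscore after rte_security, which does not match the process_cpu_crypto_sym op it wraps and looks like a typo; it is worth fixing before the name becomes API. The doc comment should also spell out the error contract: the wrapper returns -ENOENT when the op is missing, but the comment only says "negative errno value"; it does not say whether status[] is written for entries beyond the returned count; and "Array of vectors" together with "one per vec" leaves open whether vec points to num structures or to one structure describing num buffers. The return type is int while num is uint32_t, so the maximum count that can be reported should be stated as well.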
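Review bot: in the first rte_security_driver.h hunk, security_process_cpu_crypto_sym_t takes no device argument, unlike the security_get_userdata_t and security_capabilities_get_t callbacks in the context lines just above it, which both receive void *device. The wrapper in rte_security.c uses instance only to look up ops and passes just (sess, vec, status, num), so nothing ties the session to the instance whose driver is invoked; a session created on a different security context would be handed to this driver's callback and interpreted as its own private data. Either pass the device and let the PMD validate the session, or document that the caller must guarantee sess was created on the same instance.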
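Review bot: in the second rte_security_driver.h hunk, the new process_cpu_crypto_sym member of struct rte_security_ops has no trailing /**< ... */ description, while the members before it (for example capabilities_get with "Get security capabilities.") each carry one. Add a one-line comment, and note there that the pointer may be NULL for PMDs that do not implement CPU-CRYPTO mode, since the wrapper relies on that to return -ENOENT.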